Skip to content

Products

ServerMask Starting at $199.95

Buy Now Free Trial

ServerMask
Check Your Server Headers:

Stop Information Leakage: Web Server Anonymization

Obscure Headers, Cookies, & Error Messages

View Screenshots

Broadcasting your Web server's identity allows intruders to complete their first task -- fingerprinting your technology.

ServerMask removes unnecessary HTTP header and response data:

  • Camouflages by providing false signatures
  • Modifies cookie values
  • Eliminates the need to serve file extensions
  • Serves custom error pages

Port80 Software's ServerMask is clearly the best solution yet produced for managing IIS HTTP headers.

Brett Hill, Microsoft MVP & IIS Guru of www.iistraining.com
Read more testimonials

ServerMask allowed us to surpass our government requirements for host and network anti-reconnaissance... and defeat over 1,300 probe attacks in one audit.

IT Manager & LAN Administrator, U.S. General Services Administration
Read case study

Information masking encourages misguided exploits, snaring attackers with your firewalls and Intrusion Detection System.

ServerMask augments these defenses to build more secure networks and return better results on security audits.

ServerMask protects thousands of financial institutions, governments, and Fortune 1000 companies around the world. Installation and configuration takes only minutes; download ServerMask today.

New ServerMask Version 4 with 64-bit Support

Pricing

Learn more about Port80 Software evaluation and licensing

Related Information:

Features

New in v4.0

  • Application-layer error suppression for PCI compliance
  • Completely redesigned user interface, featuring 100% managed code
  • Multiple default profiles and the ability to create custom profiles
  • Per-site configuration, allowing unique settings to be applied per domain
  • 64-bit support
  • Auto-generated decoy cookies and headers
  • One-to-many cookie masking
  • Customizable HTTP error messages (CustomError functionality)

Product Highlights

  • Mask the Server name header in a number of ways:
    • Remove altogether
    • Replace with one of 30 other Web server signatures
    • Replace with one a custom server name you create
    • Select multiple false Web server signatures and randomize the response (you select how often a response is refreshed).
  • Emulate Apache's HTTP header order
  • Emulate the ETAG and ALLOW header formats of non-IIS servers
  • Remove unnecessary HTTP headers, such as PUBLIC, X-POWERED-BY and others
  • Rewrite identifying session cookie names such as ASPSessionID and ASP.NET_SessionId using one or more alternative names; fabricate decoy cookies to further confuse attackers
  • Rewrite 404 and application-layer errors for PCI compliance; suppress info leakage by converting 500-range errors to 404 errors, then presenting custom 404 responses (CustomError functionality)
  • Remove identifying file extensions such as .asp, .aspx and other Microsoft technologies from source code and URL display

System Requirements

  • OS: Windows Server 2003 with Service Pack 2 or Server 2000 with SP4
  • Hardware: x86 (32-bit) or x64 (64-bit)
  • Note: IIS 7 / Windows Server 2008 not yet supported (sign up for the IIS 7 Beta Alert)

The following runtimes are also required but can be installed by the ServerMask installer if not already present on the target system:

Support and Upgrades

Port80 Software stands behind our products 100%. Given the nature of Web server utilities, various environments and third party applications may cause new and unforeseen conflicts. Therefore, Port80 pledges to work with you to ensure our products run in all testing and production environments - if you work with us, we will work with you to make your IIS Web server safer, faster and friendlier.